diff options
Diffstat (limited to 'pdf-as-web')
14 files changed, 179 insertions, 116 deletions
diff --git a/pdf-as-web/build.gradle b/pdf-as-web/build.gradle index f5843650..3123668d 100644 --- a/pdf-as-web/build.gradle +++ b/pdf-as-web/build.gradle @@ -56,8 +56,7 @@ dependencies { api project (':pdf-as-web-status') api project (':pdf-as-web-statistic-api') api project (':pdf-as-pdfbox-2') - api group: 'commons-fileupload', name: 'commons-fileupload', version: '1.4' - // Upgrade dependency of commons-fileupload from 2.2 to 2.8.0 to avoid CVE-2021-29425 + api group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5' api group: 'commons-io', name: 'commons-io', version: '2.11.0' api group: 'opensymphony', name: 'sitemesh', version: '2.4.2' api group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1' @@ -69,12 +68,12 @@ dependencies { api 'org.apache.cxf:cxf-rt-transports-http:3.5.5' api 'org.apache.cxf:cxf-rt-frontend-jaxws:3.5.5' api 'com.thetransactioncompany:cors-filter:2.10' - api 'ch.qos.logback:logback-classic:1.2.11' - api 'ch.qos.logback:logback-core:1.2.11' - api 'org.json:json:20220924' + api 'ch.qos.logback:logback-classic:1.2.12' + api 'ch.qos.logback:logback-core:1.2.12' + api 'org.json:json:20230227' api group: 'javax.jws', name: 'javax.jws-api', version: '1.1' compileOnly 'javax.servlet:javax.servlet-api:3.0.1' - testRuntime 'org.springframework:spring-test:5.2.22.RELEASE' + testImplementation 'org.springframework:spring-test:5.3.28' } diff --git a/pdf-as-web/src/main/configuration/pdf-as-web.properties b/pdf-as-web/src/main/configuration/pdf-as-web.properties index 556fd667..fe6c9576 100644 --- a/pdf-as-web/src/main/configuration/pdf-as-web.properties +++ b/pdf-as-web/src/main/configuration/pdf-as-web.properties @@ -51,6 +51,7 @@ whitelist.enabled=true whitelist.url.01=^.*$ public.url=http://localhost:8080/pdf-as-web +#public.data.url=http://localhost:8088/pdf-as-web #Request Store # Default In Memory Store diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java index 1fffb17d..81b60131 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java @@ -39,6 +39,7 @@ import at.gv.egiz.pdfas.web.helper.PdfAsHelper; public class WebConfiguration implements IConfigurationConstants { public static final String PUBLIC_URL = "public.url"; + public static final String PUBLIC_DATA_URL = "public.data.url"; public static final String LOCAL_BKU_ENABLED = "bku.sign.enabled"; public static final String ONLINE_BKU_ENABLED = "moc.sign.enabled"; public static final String MOBILE_BKU_ENABLED = "mobile.sign.enabled"; @@ -226,6 +227,10 @@ public class WebConfiguration implements IConfigurationConstants { return properties.getProperty(PUBLIC_URL); } + public static String getPublicDataURL() { + return properties.getProperty(PUBLIC_DATA_URL); + } + public static String getLocalBKUURL() { if(getLocalBKUEnabled()) { String overwrite = properties.getProperty(CONFIG_BKU_URL); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java index 675b1d6b..5d1abc15 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java @@ -24,7 +24,9 @@ package at.gv.egiz.pdfas.web.filter; import java.io.IOException; +import java.util.Collections; import java.util.Enumeration; +import java.util.List; import javax.servlet.Filter; import javax.servlet.FilterChain; @@ -34,26 +36,47 @@ import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import org.apache.commons.lang3.StringUtils; import org.slf4j.MDC; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import at.gv.egiz.pdfas.web.helper.PdfAsHelper; +import com.beust.jcommander.Strings; +import com.beust.jcommander.internal.Lists; + +import lombok.extern.slf4j.Slf4j; /** * Servlet Filter implementation class ExceptionCatchFilter */ +@Slf4j public class ExceptionCatchFilter implements Filter { - private static final Logger logger = LoggerFactory.getLogger(ExceptionCatchFilter.class); - + List<String> statelessPaths; + /** * Default constructor. */ public ExceptionCatchFilter() { } + /** + * @see Filter#init(FilterConfig) + */ + public void init(FilterConfig fConfig) throws ServletException { + String statelessConfigStrings = fConfig.getInitParameter("statelessServlets"); + if (statelessConfigStrings != null) { + statelessPaths = Lists.newArrayList(StringUtils.split(statelessConfigStrings, ",")); + + } else { + statelessPaths = Collections.emptyList(); + + } + log.info("Stateless paths set to: {}", Strings.join(", ", statelessPaths)); + + } + + /** * @see Filter#destroy() */ @@ -68,12 +91,15 @@ public class ExceptionCatchFilter implements Filter { try { if (request instanceof HttpServletRequest) { - HttpServletRequest httpRequest = (HttpServletRequest) request; - MDC.put("SESSION_ID", httpRequest.getSession().getId()); - logger.debug("Processing Parameters into Attributes"); - logger.warn("Access from IP {}", getClientIpAddr(httpRequest)); - - PdfAsHelper.logAccess(httpRequest); + HttpServletRequest httpRequest = (HttpServletRequest) request; + + HttpSession session = httpRequest.getSession(isStatefull(httpRequest.getServletPath())); + String sessionId = session != null ? session.getId() : "-"; + MDC.put("SESSION_ID", sessionId); + log.info("Access from IP: {}", getClientIpAddr(httpRequest)); + log.info("Access to: {} in Session: {}", httpRequest.getServletPath(), sessionId); + + log.debug("Processing Parameters into Attributes"); @SuppressWarnings("unchecked") Enumeration<String> parameterNames = httpRequest.getParameterNames(); while (parameterNames.hasMoreElements()) { @@ -85,33 +111,41 @@ public class ExceptionCatchFilter implements Filter { try { chain.doFilter(request, response); + } finally { - if (response != null) { - if (response instanceof HttpServletResponse) { - HttpServletResponse resp = (HttpServletResponse) response; - logger.debug("Got response status: {}", resp.getStatus()); - } else { - logger.warn("Response is not a HttpServletResponse!"); - } - } else { - logger.warn("Response is not a HttpServletResponse!"); + if (response instanceof HttpServletResponse) { + HttpServletResponse resp = (HttpServletResponse) response; + log.debug("Got response status: {}", resp.getStatus()); + + } else { + log.warn("Response is not a HttpServletResponse!"); + } } } catch (Throwable e) { - logger.error("Unhandled exception found", e); + log.error("Unhandled exception found", e); throw new ServletException(e.getMessage()); + } finally { MDC.remove("SESSION_ID"); + } /* * } catch(Throwable e) { * System.err.println("Unhandled Exception found!"); * e.printStackTrace(System.err); - * logger.error("Unhandled Exception found!", e); } + * log.error("Unhandled Exception found!", e); } */ } - public static String getClientIpAddr(HttpServletRequest request) { + private boolean isStatefull(String contextPath) { + boolean statefull = !statelessPaths.contains(contextPath); + log.trace("ServletPath: {} is marked as {}", contextPath, statefull ? "statefull" : "stateless"); + return statefull; + + } + + public static String getClientIpAddr(HttpServletRequest request) { String ip = request.getHeader("X-Forwarded-For"); if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); @@ -131,10 +165,4 @@ public class ExceptionCatchFilter implements Filter { return ip; } - /** - * @see Filter#init(FilterConfig) - */ - public void init(FilterConfig fConfig) throws ServletException { - } - } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/UserAgentFilter.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/UserAgentFilter.java index 504cf472..ef7d391d 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/UserAgentFilter.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/UserAgentFilter.java @@ -10,14 +10,11 @@ import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class UserAgentFilter implements Filter { - private static final Logger logger = LoggerFactory - .getLogger(UserAgentFilter.class); - @Override public void init(FilterConfig filterConfig) throws ServletException { // TODO Auto-generated method stub @@ -37,7 +34,7 @@ public class UserAgentFilter implements Filter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if(request instanceof HttpServletRequest) { - logger.debug("Processing Parameters into Attributes"); + log.debug("Processing Parameters into Attributes"); HttpServletRequest httpRequest = (HttpServletRequest)request; requestUserAgent.set(httpRequest.getHeader("User-Agent")); } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 35b5a7ce..9900dda4 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -161,7 +161,9 @@ public class PdfAsHelper { reloadConfig(); } - public static void init() { + public static void init() { + JsonSecurityUtils.getInstance(); + log.info("PDF-AS Helper initialized"); } @@ -536,7 +538,9 @@ public class PdfAsHelper { // set Signature Position signParameter.setSignaturePosition(documentToSign.getPosition()); - + signParameter.setPlaceHolderId(documentToSign.getPlaceHolderId()); + signParameter.setPlaceHolderSearchEnabled(documentToSign.isPlaceholderSearchEnabled()); + // Set Preprocessor if (coreParams.getPreprocessor() != null) { signParameter.setPreprocessorArguments(coreParams.getPreprocessor()); @@ -549,8 +553,7 @@ public class PdfAsHelper { PDFASVerificationResponse verResponse = new PDFASVerificationResponse(); - verResponse.setSignerCertificate(signResult.getSignerCertificate() - .getEncoded()); + verResponse.setSignerCertificate(signResult.getSignerCertificate().getEncoded()); SignedDocument signPdfDoc = SignedDocument.builder() @@ -660,7 +663,8 @@ public class PdfAsHelper { // set Signature Position signParameter.setSignaturePosition(pdfToSign.getPosition()); - + signParameter.setPlaceHolderId(pdfToSign.getPlaceHolderId()); + signParameter.setPlaceHolderSearchEnabled(pdfToSign.isPlaceholderSearchEnabled()); signParameter.setDynamicSignatureBlockArguments(coreSignParams.getSignatureBlockParameters()); return pdfAs.startSign(signParameter); @@ -787,12 +791,6 @@ public class PdfAsHelper { PdfAsHelper.process(request, response, context); } - public static void logAccess(HttpServletRequest request) { - HttpSession session = request.getSession(); - log.info("Access to " + request.getServletPath() + " in Session: " - + session.getId()); - } - public static JSONStartResponse startJsonProcess(HttpServletRequest request, HttpServletResponse response, ServletContext context) throws Exception { @@ -907,6 +905,10 @@ public class PdfAsHelper { JsonObject sl20Req = null; String reqId = UUID.randomUUID().toString(); if (WebConfiguration.isSL20SigningEnabled()) { + if (joseTools == null) { + throw new PdfAsException("error.config.sl20.01"); + } + String signedCertCommand = SL20JSONBuilderUtils.createSignedCommand( SL20Constants.SL20_COMMAND_IDENTIFIER_GETCERTIFICATE, getCertParams, joseTools); sl20Req = SL20JSONBuilderUtils.createGenericRequest(reqId, null, null, signedCertCommand); @@ -1361,29 +1363,35 @@ public class PdfAsHelper { private static String generateURL(HttpServletRequest request, HttpServletResponse response, String Servlet) { - HttpSession session = request.getSession(); - String publicURL = WebConfiguration.getPublicURL(); - String dataURL = null; - if (publicURL != null) { - dataURL = publicURL + Servlet + ";jsessionid=" + session.getId(); - } else { - if ((request.getScheme().equals("http") && request.getServerPort() == 80) - || (request.getScheme().equals("https") && request - .getServerPort() == 443)) { - dataURL = request.getScheme() + "://" + request.getServerName() - + request.getContextPath() + Servlet + ";jsessionid=" - + session.getId(); - } else { - dataURL = request.getScheme() + "://" + request.getServerName() - + ":" + request.getServerPort() - + request.getContextPath() + Servlet + ";jsessionid=" - + session.getId(); - } - } - log.debug("Generated URL: " + dataURL); - return dataURL; + return generateURL(request, response, Servlet, WebConfiguration.getPublicURL()); + } + private static String generateURL(HttpServletRequest request, + HttpServletResponse response, String Servlet, String publicURL) { + HttpSession session = request.getSession(); + String dataURL = null; + if (publicURL != null) { + dataURL = publicURL + Servlet + ";jsessionid=" + session.getId(); + } else { + if ((request.getScheme().equals("http") && request.getServerPort() == 80) + || (request.getScheme().equals("https") && request + .getServerPort() == 443)) { + dataURL = request.getScheme() + "://" + request.getServerName() + + request.getContextPath() + Servlet + ";jsessionid=" + + session.getId(); + } else { + dataURL = request.getScheme() + "://" + request.getServerName() + + ":" + request.getServerPort() + + request.getContextPath() + Servlet + ";jsessionid=" + + session.getId(); + } + } + log.debug("Generated URL: " + dataURL); + return dataURL; + } + + public static void regenerateSession(HttpServletRequest request) { request.getSession(false).invalidate(); request.getSession(true); @@ -1391,12 +1399,16 @@ public class PdfAsHelper { public static String generateDataURLSL20(HttpServletRequest request, HttpServletResponse response) { - return generateURL(request, response, PDF_SL20_DATAURL_PAGE); + return generateURL(request, response, PDF_SL20_DATAURL_PAGE, + WebConfiguration.getPublicDataURL() != null + ? WebConfiguration.getPublicDataURL() : WebConfiguration.getPublicURL()); } public static String generateDataURL(HttpServletRequest request, HttpServletResponse response) { - return generateURL(request, response, PDF_DATAURL_PAGE); + return generateURL(request, response, PDF_DATAURL_PAGE, + WebConfiguration.getPublicDataURL() != null + ? WebConfiguration.getPublicDataURL() : WebConfiguration.getPublicURL()); } public static String generateProvideURL(HttpServletRequest request, diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java index 31fbf46d..1ed85e98 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java @@ -30,11 +30,13 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; -import at.gv.egiz.pdfas.lib.api.IConfigurationConstants; -import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter.SignatureVerificationLevel; +import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.pdfas.lib.api.IConfigurationConstants; +import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter.SignatureVerificationLevel; + public class PdfAsParameterExtractor { public static final String PARAM_CONNECTOR = "connector"; @@ -118,6 +120,16 @@ public class PdfAsParameterExtractor { return (String)request.getAttribute(IConfigurationConstants.PLACEHOLDER_WEB_ID); } + public static boolean isPlaceholderSearchEnabled(HttpServletRequest request) { + String value = (String)request.getAttribute(IConfigurationConstants.PLACEHOLDER_WEB_ENABLED); + if (StringUtils.isNotEmpty(value)) { + return Boolean.valueOf(value); + + } else { + return true; + } + } + public static String getTransactionId(HttpServletRequest request) { String transactionId = (String)request.getAttribute(PARAM_TRANSACTION_ID); return transactionId; diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java index 72128a9c..42236f5e 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java @@ -42,8 +42,8 @@ import at.gv.egiz.pdfas.web.helper.HTMLFormater; import at.gv.egiz.pdfas.web.helper.PdfAsHelper; import at.gv.egiz.pdfas.web.helper.UrlParameterExtractor; import at.gv.egiz.pdfas.web.stats.StatisticEvent; -import at.gv.egiz.pdfas.web.stats.StatisticFrontend; import at.gv.egiz.pdfas.web.stats.StatisticEvent.Status; +import at.gv.egiz.pdfas.web.stats.StatisticFrontend; /** * Servlet implementation class ErrorPage @@ -116,11 +116,14 @@ public class ErrorPage extends HttpServlet { String template = PdfAsHelper.getErrorRedirectTemplateSL(); URL url = new URL(errorURL); - String errorURLProcessed = url.getProtocol() + "://" + // "http" + ":// - url.getHost() + // "myhost" - ":" + // ":" - url.getPort() + // "8080" - url.getPath(); + String errorURLProcessed = url.getProtocol() + "://" + url.getHost(); + if (url.getPort() != -1) { + errorURLProcessed += ":" + url.getPort(); + + } + + errorURLProcessed += url.getPath(); + template = template.replace("##ERROR_URL##", errorURLProcessed); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java index 898e44e2..957614b1 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java @@ -46,10 +46,8 @@ import at.gv.egiz.pdfas.common.exceptions.PDFASError; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; import at.gv.egiz.pdfas.common.exceptions.PdfAsSettingsValidationException; import at.gv.egiz.pdfas.common.settings.ISettings; -import at.gv.egiz.pdfas.lib.api.IConfigurationConstants; import at.gv.egiz.pdfas.lib.api.PdfAsFactory; import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter.SignatureVerificationLevel; -import at.gv.egiz.pdfas.lib.impl.configuration.PlaceholderWebConfiguration; import at.gv.egiz.pdfas.web.config.WebConfiguration; import at.gv.egiz.pdfas.web.exception.PdfAsWebException; import at.gv.egiz.pdfas.web.filter.UserAgentFilter; @@ -346,20 +344,6 @@ public class ExternSignServlet extends HttpServlet { String responseMode = PdfAsParameterExtractor.getResonseMode(request); PdfAsHelper.setResponseMode(request, response, responseMode); - - //read and set placholder web id - try{ - String placeholder_id = PdfAsParameterExtractor.getPlaceholderId(request); - if(org.apache.commons.lang3.StringUtils.isNotEmpty(placeholder_id)) { - PlaceholderWebConfiguration.setValue(IConfigurationConstants.PLACEHOLDER_WEB_ID, placeholder_id); - } else { - PlaceholderWebConfiguration.clear(); - } - - } catch(Exception e) { - log.error(e.getLocalizedMessage()); - } - String filename = PdfAsParameterExtractor.getFilename(request); if(filename != null) { log.debug("Setting Filename in session: " + filename); @@ -395,6 +379,9 @@ public class ExternSignServlet extends HttpServlet { document.setInputData(pdfData); document.setPosition(PdfAsHelper.buildPosString(request, response)); document.setProfile(PdfAsParameterExtractor.getSigType(request)); + document.setPlaceHolderId(PdfAsParameterExtractor.getPlaceholderId(request)); + log.debug("Add placeholderId: {} into process information", document.getPlaceHolderId()); + document.setPlaceholderSearchEnabled(PdfAsParameterExtractor.isPlaceholderSearchEnabled(request)); document.setQrCodeContent(qrcodeContent); document.setFileName(PdfAsHelper.getPDFFileName(request)); data.addDocumentToSign(document); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java index bf45745d..96d02f16 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java @@ -26,6 +26,8 @@ package at.gv.egiz.pdfas.web.servlets; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.OutputStream; +import java.nio.charset.StandardCharsets; +import java.util.Base64; import java.util.Iterator; import java.util.List; import java.util.zip.Deflater; @@ -37,6 +39,7 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egiz.pdfas.api.processing.PdfasSignResponse; import at.gv.egiz.pdfas.api.processing.SignedDocument; import at.gv.egiz.pdfas.api.ws.PDFASVerificationResponse; import at.gv.egiz.pdfas.web.config.WebConfiguration; @@ -85,7 +88,15 @@ public class PDFData extends HttpServlet { protected void process(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - if (PdfAsHelper.getPdfSigningResponse(request).getSignedPdfs().isEmpty()) { + PdfasSignResponse resultObject = PdfAsHelper.getPdfSigningResponse(request); + + if (resultObject == null) { + log.warn("No data for session with Id: {}", request.getSession().getId()); + PdfAsHelper.setSessionException(request, response, + "No signed pdf document available.", null); + PdfAsHelper.gotoError(getServletContext(), request, response); + + } else if (resultObject.getSignedPdfs().isEmpty()) { log.info("No signed pdf document available."); PdfAsHelper.setSessionException(request, response, "No signed pdf document available.", null); @@ -136,7 +147,7 @@ public class PDFData extends HttpServlet { } // build response - response.setHeader("Content-Disposition", "inline;filename=multiple_documents.zip"); + response.setHeader("Content-Disposition", "inline;filename=\"multiple_documents.zip\""); response.setContentType("application/zip"); final OutputStream os = response.getOutputStream(); @@ -225,8 +236,13 @@ public class PDFData extends HttpServlet { return; } } - response.setHeader("Content-Disposition", "inline;filename=" - + PdfAsHelper.getPDFFileName(request)); + response.setHeader("Content-Disposition", "inline;filename=\"" + + PdfAsHelper.getPDFFileName(request) + "\""); + + response.setHeader("X-FILENAME-BASE64URL", + Base64.getUrlEncoder().encodeToString( + PdfAsHelper.getPDFFileName(request).getBytes(StandardCharsets.UTF_8))); + final String pdfCert = signedFile.getSignerCertificate(); if (pdfCert != null) { response.setHeader("Signer-Certificate", pdfCert); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PlaceholderGeneratorServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PlaceholderGeneratorServlet.java index f054db6a..b07293b1 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PlaceholderGeneratorServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PlaceholderGeneratorServlet.java @@ -32,6 +32,7 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol public static final String PARAM_ID = "id"; public static final String PARAM_PROFILE = "profile"; + public static final String PARAM_LANG = "lang"; public static final String PARAM_WIDTH = "w"; public static final String PARAM_HEIGHT = "h"; public static final String PARAM_BORDER = "b"; @@ -62,6 +63,8 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol String id = req.getParameter(PARAM_ID); String profile = req.getParameter(PARAM_PROFILE); + String lang = req.getParameter(PARAM_LANG) != null ? req.getParameter(PARAM_LANG) : "DE"; + String buildString = QR_PLACEHOLDER_IDENTIFIER; @@ -86,7 +89,7 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol if(profile != null && !profile.isEmpty()) { buildString = buildString + ";" + SignaturePlaceholderData.PROFILE_KEY + "=" + profile; - if(profile.endsWith("_EN")) { + if(lang.equalsIgnoreCase("EN")) { baseImage = "/img/PLACEHOLDER-SIG_EN.png"; filename = filename + "_en"; } else { @@ -103,7 +106,7 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol // default values set for pdf-as wai on buergerkarte.at int height = 60; int width = 300; - int border = 2; + int border = 1; if(req.getParameter(PARAM_HEIGHT) != null) { try { @@ -132,7 +135,7 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol } } - int qrSize = height - ( 2 * border); + int qrSize = height - (border); InputStream is = this.getClass().getClassLoader().getResourceAsStream(baseImage); if(is == null) { @@ -146,6 +149,7 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol // generate QR code try { QRCodeGenerator.generateQRCode(buildString, baos, qrSize); + } catch (WriterException e) { logger.warn("Failed to generate QR Code for placeholder generation", e); resp.sendError(HttpStatus.SC_INTERNAL_SERVER_ERROR); @@ -161,7 +165,7 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol Graphics g = off_Image.getGraphics(); g.setColor(Color.WHITE); g.fillRect(0, 0, width, height); - g.fillRect(border, border, width - (2 * border), height - (2 * border)); + //g.fillRect(border, border, width - (2 * border), height - (2 * border)); //g.drawImage(base, 0, 0, 250, 98, 0, 0, base.getWidth(), base.getHeight(), null); g.drawImage(qr, border, border, qrSize + border, qrSize + border, 0, 0, qr.getWidth(), qr.getHeight(), null); @@ -180,7 +184,7 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol int start = (height - textHeight) / 2; - if(profile != null && profile.endsWith("_EN")) { + if(lang.equalsIgnoreCase("EN")) { g.drawString("placeholder for the", qrSize + ( 3 * border), start + lineSpace); g.drawString("electronic signature", qrSize + ( 3 * border), start + (2 * lineSpace)); } else { diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SoapServiceServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SoapServiceServlet.java index 71395304..ca005abe 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SoapServiceServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SoapServiceServlet.java @@ -5,20 +5,12 @@ import javax.xml.ws.Endpoint; import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; -import org.apache.cxf.feature.LoggingFeature; -import org.apache.cxf.interceptor.LoggingInInterceptor; -import org.apache.cxf.interceptor.LoggingOutInterceptor; import org.apache.cxf.transport.servlet.CXFNonSpringServlet; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import at.gv.egiz.pdfas.web.ws.PDFASSigningImpl; import at.gv.egiz.pdfas.web.ws.PDFASVerificationImpl; public class SoapServiceServlet extends CXFNonSpringServlet { - - private static final Logger logger = LoggerFactory - .getLogger(SoapServiceServlet.class); /** * diff --git a/pdf-as-web/src/main/resources/META-INF/context.xml b/pdf-as-web/src/main/resources/META-INF/context.xml new file mode 100644 index 00000000..716b2233 --- /dev/null +++ b/pdf-as-web/src/main/resources/META-INF/context.xml @@ -0,0 +1,3 @@ +<Context> + <CookieProcessor sameSiteCookies="none" /> +</Context>
\ No newline at end of file diff --git a/pdf-as-web/src/main/webapp/WEB-INF/web.xml b/pdf-as-web/src/main/webapp/WEB-INF/web.xml index 7920ad91..46ae8272 100644 --- a/pdf-as-web/src/main/webapp/WEB-INF/web.xml +++ b/pdf-as-web/src/main/webapp/WEB-INF/web.xml @@ -12,6 +12,10 @@ <display-name>ExceptionCatchFilter</display-name> <description></description> <filter-class>at.gv.egiz.pdfas.web.filter.ExceptionCatchFilter</filter-class> + <init-param> + <param-name>statelessServlets</param-name> + <param-value>/placeholder,/visblock</param-value> + </init-param> </filter> <filter> <filter-name>UserAgentFilter</filter-name> |